Comment: Security is a deal-breaker for business IoT devices
- Author: Ella Cai
- Published: 2017-11-16
There is a big difference between the security and quality needs of consumers and businesses buying IoT electronic equipment, writes Andrew Barratt, UK managing director of Coalfire.
When a typical consumer shops for a new connected device, they are looking for the best functionality at the lowest price. It’s unlikely that security will be the key concern in their decision-making process. But manufacturers selling devices for business use are dealing with a far more security-savvy and risk-averse customer base.
The focus on price means consumer devices vary wildly in quality and security. As a result, there has been a steady stream of privacy breaches involving consumer-connected smart devices, although the impact on sales is usually limited.
Many of these devices constantly collect audio and video feeds from inside users’ homes, and there is often no way for consumers to know for certain where this information goes or who has access to it.
Despite all this, it seems that cheap devices with minimal security continue to win out, although manufacturers of these products still need to be mindful of regulatory responsibilities, particularly regarding health and safety, that necessitate at least some cyber security input.
Businesses that take security systems seriously engage cyber specialists to scrutinise any device before it is used. In some cases, proactive manufacturers use security to demonstrate added value to their clients. However, IoT devices are increasingly becoming a concern for risk assessors, particularly in industrial applications such as automation and robotics, where they could affect the physical safety of employees.
The corporate model depends much more on repeat business than do consumer sales, so business-to-business IoT manufacturers cannot afford to offload risk on to the customer. If a product causes a security breach, it’s likely the client will be lost for good.
The only answer for those building devices is to bake robust security into design, along with comprehensive penetration testing before going to market and procedures for continuous diagnostics and monitoring thereafter.
While this will make devices costlier, they are also likely to be more attractive to corporate customers who – unlike consumers – tend to like their technology to be reassuringly expensive.